British government under fire for upload of millions of medical records


According to explosive allegations from prominent Tory MP Sarah Wollaston, the consulting firm PA Consulting may have conducted one of the largest and most serious misuses of data in history by uploading 27 DVDs' worth of “pseudonymised hospital episode statistics” into Google BigQuery. Google BigQuery is a cloud-based Big Data analysis suite designed to query huge data sets and return useful results in seconds.

The allegations against PA Consulting are particularly damning at the moment. A month ago, the UK announced that the NHS (National Health Service) would begin selling data to health insurance companies and pharmaceutical manufacturers. This provoked a firestorm of controversy that hasn’t been assuaged by promises to anonymize the data. So-called “anonymizing” techniques have proven pitifully easy to break in most cases. Studies have shown that 87% of Americans can be uniquely identified using just three pieces of data — birth date, gender, and zip code. The British scheme provoked further protests by being opt-out rather than opt-in.
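The reason three innocuous fields can single out most of a population is that a “pseudonymised” table keeps those fields intact; only the name or patient number is swapped for a token. The standard defender-side check before releasing such a table is k-anonymity: every combination of quasi-identifiers (date of birth, sex, postcode) must be shared by at least k rows, and the usual remedy when it is not is to generalise the fields (year instead of full date, outward postcode instead of full postcode). The script below is an added example, not code from the article or from PA Consulting or the HSCIC; the records, field names and postcodes are constructed for illustration and do not reflect the real HES schema.

```python
"""
Measuring how anonymous a pseudonymised record set really is.

The direct identifier is replaced by an opaque token, but date of birth,
sex and postcode survive. Any combination of those that is unique in the
table is a handle for linkage against any other dataset holding the same
fields. k-anonymity measures that exposure; generalisation reduces it.

All records, field names and postcodes are constructed for this example.
"""
from collections import Counter
from dataclasses import dataclass
from itertools import takewhile


@dataclass(frozen=True)
class Record:
    token: str      # pseudonym that replaced the direct identifier
    dob: str        # YYYY-MM-DD
    sex: str        # "F" / "M"
    postcode: str   # full UK-style postcode, e.g. "SW1A 1AA"
    episode: str    # the sensitive attribute (clinical event)


# Constructed sample: nine pseudonymised hospital episodes.
SAMPLE = [
    Record("a1", "1971-04-12", "F", "SW1A 1AA", "hip replacement"),
    Record("a2", "1971-09-30", "F", "SW1A 2BB", "cataract"),
    Record("a3", "1971-04-12", "M", "SW1A 1AA", "fracture"),
    Record("a4", "1984-01-05", "M", "SW1A 1AA", "appendectomy"),
    Record("a5", "1984-07-19", "M", "SW1A 3CC", "asthma"),
    Record("a6", "1984-11-02", "M", "SW1A 1AA", "fracture"),
    Record("a7", "1959-12-25", "F", "SW1A 2BB", "cardiac"),
    Record("a8", "1959-03-14", "F", "SW1A 1AA", "cardiac"),
    Record("a9", "1975-06-01", "M", "SW1A 4DD", "asthma"),
]


def quasi_identifier(rec, level):
    """Quasi-identifier tuple at a given generalisation level.

    level 0: exact date of birth, sex, full postcode   (as released)
    level 1: birth year, sex, outward code             (e.g. "SW1A")
    level 2: birth decade, sex, postcode area letters  (e.g. "SW")
    """
    if level == 0:
        return (rec.dob, rec.sex, rec.postcode)
    year = rec.dob[:4]
    outward = rec.postcode.split()[0]
    if level == 1:
        return (year, rec.sex, outward)
    decade = year[:3] + "0s"
    area = "".join(takewhile(str.isalpha, outward))
    return (decade, rec.sex, area)


def equivalence_classes(records, level):
    """Count how many rows share each quasi-identifier combination."""
    return Counter(quasi_identifier(r, level) for r in records)


def k_anonymity(records, level):
    """Smallest class size: the k for which the table is k-anonymous."""
    return min(equivalence_classes(records, level).values())


def unique_share(records, level):
    """Fraction of rows whose quasi-identifiers match no other row."""
    classes = equivalence_classes(records, level)
    singles = sum(1 for r in records if classes[quasi_identifier(r, level)] == 1)
    return singles / len(records)


def release_check(records, level, k_required=5):
    """Release gate: refuse while any class is smaller than k_required.

    Returns (ok, offending_keys) so the caller can see which combinations
    still need coarser generalisation or suppression.
    """
    classes = equivalence_classes(records, level)
    offending = sorted(key for key, n in classes.items() if n < k_required)
    return (len(offending) == 0, offending)


if __name__ == "__main__":
    for level in (0, 1, 2):
        print(f"level {level}: k={k_anonymity(SAMPLE, level)}, "
              f"unique={unique_share(SAMPLE, level):.0%}, "
              f"release ok (k>=2)={release_check(SAMPLE, level, 2)[0]}")
```

On this sample every row is unique as released (k = 1, 100% singletons); trimming to birth year and outward code still leaves two singletons, and only the coarsest level reaches k = 2. A real release would demand a far higher k and would also check that each class does not share a single value of the sensitive attribute, since a class of five rows that all say “cardiac” still tells the linker the diagnosis.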

The leak

The Guardian, quoting Wollaston, states that PA Consulting uploaded the “entire start-to-finish HES [hospital episode statistics] dataset across all three areas of collection – inpatient, outpatient and A&E.” It further reports that the data set was the size of 27 DVDs, took weeks to upload, and quotes unnamed management consultants as saying: “Within two weeks of starting to use the Google tools we were able to produce interactive maps directly from HES queries in seconds.”

The problem with PA Consulting is that the company handwaves away security concerns at every step. It blithely states that it bought this data from the NHS but took “certain security restrictions.” It adds: “As PA has an existing relationship with Google, we pursued this route (with appropriate approval). This shows that it is possible to get even sensitive data in the cloud and apply proper safeguards.”

Literally the only proof provided in PA Consulting’s documentation that the safeguards are appropriate or thorough is the use of the word “appropriate.”

In the wake of the story, PA Consulting has noted that it purchased the data from the Health and Social Care Information Centre (HSCIC) through appropriate channels, that the data is secured appropriately, and that the information was safeguarded according to government standards. The HSCIC has released its own statement confirming this to be the case. Unfortunately, the HSCIC has previously acknowledged that its own recommended “best practices” for anonymizing data may not be up to the job.

It’s not clear if this is the end of the story; some sources have hinted that there are far worse announcements to come. From the shape of things at the moment, PA Consulting may not have broken the law. But the sober takeaway here is that the collaboration between governments and corporations when it comes to grinding your personal data into sellable chunks has nothing to do with serving you, the original owner of said information.

If the goal was to balance the genuine privacy concerns of the individual against better insight into medical costs or drug treatments, the government would have created a new set of ironclad anonymizing practices, while the consultant group would have bothered to explain its precautions when handling this information. Instead, we’re told that we should trust PA Consulting’s relationship with Google, as if Google had been chosen to host this information through an open bidding process and in direct partnership with the NHS itself.

Google’s BigQuery is not the problem. The problem is that these partnerships and cooperative efforts have been negotiated like backroom deals. Of course, it’s hard for the United States to throw stones on that particular topic — our HIPAA (Health Insurance Portability and Accountability Act) laws may be slightly tighter, but the NSA’s obsessive wiretapping and spying have destroyed any claims we might once have made about our respect for citizen privacy.

The most damning thing about this story is that, if the current explanations hold, there may be nothing anyone in the UK can do about it.


Winston Smith

whats the problem… i want to be safe n the hospitals 2 be knowing everythin they need 2 know. so what if they know about losers havin mental breakdowns or whatever, the guv needs 2 know about stuff like that. nothin 2 hide nothin 2 fear. besides i avent been 2 the hospital in ages so i dnt care. wud def lol if the records r used 2 blackmail reporters and journalists tho. wud b so funny if the guv could stop ppl tellin secrets n makin the guv look bad by usin this database haha!!! go labor party!

preilly2

This revelation seems to be a perfect example of what I’ve been both fearing and assuming for several years now: Governments and large corporations are perfect partners, with many of the selfsame goals. No wonder they cooperate so closely. Each craves maximum power, which requires maximum knowledge about everything and (more ominously) everyone. Now the means for colluding to acquire that nearly limitless information is upon us, and the power-mad are naturally availing themselves of it. This is predictable, but unacceptable. We citizens need to wake up and demand meaningful, stringent legal safeguards for protecting our personal data and privacy. Much easier said than done, but the alternative means the effective end of any pretense of democracy.

sloppyslim

and now the men in the middle have 27 dvds of patient records

why does the government want those genome sequences so badly … theres more to it than just crime and whos the daddy

Joel Hruska

This information isn’t DNA samples (you’d need a hell of a lot more than 27 DVDs to hold the genome of Great Britain). It’s general medical information.

Geoff Cunningham

I have done consulting work for the NHS in the past. I read this whole article and I fail to see what the issue is. Seems pretty sensible to me. Those 27 DVDs were probably ward transfer data (which is seriously useful for planning and efficiency), theatre usage records, and maybe some diagnostics and patient-first data from the emergency department. While you definitely need to be careful that you don’t have a full triangle of patient-identifiable data, for all practical purposes you don’t need it anyway, so why take the risk? Almost everything can be done with an anonymised unique identifier.

If Google’s tech and servers can make the NHS more efficient and means we get more hip replacements etc. and improve patient care for the same or less cash, that’s got to be a good thing.

Joel Hruska

I believe I lay out the problems concisely. It is not reasonable to conclude that because I share information with the NHS, I have thereby agreed to share it with Google, particularly when the NSA has revealed it does things like tap datacenter linkages on Google servers.

By your logic, having agreed to share private, confidential data with the NHS, I have agreed to share it with Google. And the NSA. And (given that the NHS was discussing selling such information to pharmaceutical companies and health insurers) I’ve agreed to share it with them, too.

In other words, the act of EXISTING in a medical system has become equivalent to sharing my information with anyone who wants it with no oversight or insight into that situation?

No. I think not.

Geoff Cunningham

This is an example of the kind of wardstay record we are talking about:

Without knowing the specifics, there could be fields like patient DoB, gender, ethnic background as well. If it’s a Google server, unless someone made a massive balls-up I doubt it has Patient Name or Address or anything like that.

There will be literally millions of records like this.

With this data, you can do things like prioritize certain ward rounds, tweak rotas so the right consultants are on duty at the right times, measure the impact of improving TTO medication delivery times, and therefore how much you can invest to improve that area etc… but it takes a lot of analysis. Google aren’t interested in it at all, and even if they were they can’t do harm with this data. Spending taxpayers’ money on separate secure servers for data with no security concerns wouldn’t be my recommendation when there’s no real risk.

Anyone in the hospital at the time would know this information. I may not speak for everyone but for me, it is far less of an intrusion than a photo of me topless on a beach put on facebook.

Joel Hruska

If I have your date of birth, your gender, and your ethnicity, I can find out your name with trivial effort.
